[30199] in Kerberos
Re: ktutil get
daemon@ATHENA.MIT.EDU (Victor Sudakov)
Wed Aug 6 08:44:20 2008
From: Victor Sudakov <vas@mpeks.no-spam-here.tomsk.su>
Date: Wed, 6 Aug 2008 02:38:39 +0000 (UTC)
Message-ID: <g7b2rf$21n6$1@relay.tomsk.ru>
X-Complaints-To: noc@sibptus.tomsk.ru
X-Comment-To: "Javier Palacios" <javiplx@gmail.com>
To: kerberos@mit.edu
Javier Palacios wrote:
> >>
> >> Am I asking something stupid? How do you securely transfer a keytab
> >> for the host principal to the host? "ktutil get" does just that.
> >>
> > Is 'kadmin -q "ktadd /tmp/keytab" ' what you're looking for?
> I think what Victor actually asks is a single command to do something like
> kadmin -q "addprinc -randkey `hostname -f`" && kadmin -q "ktadd `hostname -f`"
http://www.freebsd.org/cgi/man.cgi?query=ktutil
You run "ktutil get host/A" on host A and it does the following in one
step:
1. Contacts the remote kadmind, creates the principal host/A there
with a random key.
2. Securely transfers the keys back to host A.
3. Installs them in host A's keytab.
which is a very convenient way of joining a host into a Kerberos
domain. This method does not require any external means to transfer a
keytab (like ssh or floppy).
From your replies I guess that this convenient feature is totally
missing from MIT Kerberos :(( or is implemented in a totally different
manner.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
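
The two-command MIT sequence quoted above (addprinc -randkey, then ktadd), wrapped so that it is run on the host being joined and writes straight into the local keytab. This is an added example, not part of the original thread; the admin principal admin/admin, the keytab path /etc/krb5.keytab and the function names are assumptions.

```shell
#!/bin/sh
# Added example: join this host to a realm with MIT kadmin, run ON the host.
# Assumed defaults (not from the thread); override via the environment.
ADMIN_PRINC="${ADMIN_PRINC:-admin/admin}"
KEYTAB="${KEYTAB:-/etc/krb5.keytab}"

# Build host/<fqdn> from a host name; refuse unqualified names so a
# misconfigured resolver does not create a principal nobody will look up.
host_principal() {
    case "$1" in
        *.*) ;;
        *) echo "refusing unqualified host name: $1" >&2; return 1 ;;
    esac
    # Host principals conventionally use the lower-case FQDN.
    printf 'host/%s\n' "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')"
}

# Runs in a subshell so the restrictive umask does not leak to the caller.
join_realm() (
    princ=$(host_principal "$1") || exit 1
    umask 077   # a newly created keytab must not be group/world readable

    # 1. Create the principal with a random key on the KDC.
    kadmin -p "$ADMIN_PRINC" -q "addprinc -randkey $princ" >&2
    # 2+3. ktadd generates fresh keys and writes them to the local keytab;
    #      they travel inside the authenticated, encrypted kadmin session,
    #      so no ssh/scp step is involved.
    kadmin -p "$ADMIN_PRINC" -q "ktadd -k $KEYTAB $princ" >&2

    # Do not rely on kadmin's exit status alone: check the keytab itself.
    klist -k "$KEYTAB" | grep -qF "$princ@" || {
        echo "no keytab entry for $princ in $KEYTAB" >&2
        exit 1
    }
    echo "$princ"
)

# Usage on host A (prompts for the admin password once per kadmin call):
#   join_realm "$(hostname -f)"
```
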